Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Tools and features introduced with the intention of benefiting and empowering an organization can sometimes end up being misused. PowerShell is a classic example.

Just before the holidays, Citrix announced that their Citrix Application Delivery Controller (ADC) and Citrix Gateway are prone to a vulnerability which can allow remote unauthenticated attackers to execute code on vulnerable gateways. This led to a wave of alarming headlines about “80,000 firms” being exposed to hacking due to this flaw.

Since the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, organizations and even private citizens have globally begun to re-assess what it means to ‘take security seriously’ and to better understand the massive difference between security and privacy.

Standard CIP-003 exists as part of a suite of Critical Infrastructure Protection (CIP) Standards related to cybersecurity that require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and procedural controls to mitigate risk to BES Cyber Systems.

ML:3 is base camp, and getting here means you have reached a level that others have only dreamed about. At this level, the VM program is very good, and your visibility into threats to the environment is much better than it has ever been.

Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to protect human lives.

Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and explore how you can leverage File Integrity Monitoring (FIM) and Security Configuration Management (SCM) tools like Tripwire Enterprise (TE) to assist you on your Zero Trust (ZT) journey.

It’s been another fantastic year on The State of Security blog. With over 350 blogs published from all walks of the security community, we like to think of the blog as more of an industry resource that caters to not only experienced security professionals but also to those who are new to the community. To finish the year off, I wanted to look back on some of my personal favorites. I’ve tried to include a mixture of different styles, topics and authors.

TikTok, the popular video posting app, has come under increased scrutiny. Recently, two lawsuits filed against the platform accused TikTok of privacy violations. According to a report from Reuters, a plaintiff accused TikTok of creating an account without her knowledge or consent in one lawsuit filed in California. The lawsuit accused TikTok of creating a file on the user. This file allegedly included biometric data based on videos that the user created, but did not upload.

At some point in the past, I began making new year’s resolutions for doing a bit of personal privacy and security maintenance on New Year’s Day or thereabouts. I would usually have a bit of downtime to finally get around to doing the things I’d been putting off all year. It’s become a fun habit that I wanted to share.